DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=43230>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43230

           Summary: Inclusive C14n doesn't always handle xml:space & xml:lang attributes correctly
           Product: Security
           Version: Java 1.4.1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: [EMAIL PROTECTED]

There is a very subtle bug in the inclusive C14N implementation that sometimes causes xml:space and xml:lang attributes to be handled incorrectly.

Given the following input:

<?xml version="1.0" encoding="UTF-8"?>
<ietf:Xmllang xmlns:ietf="http://www.ietf.org" xmlns:w3c="http://www.w3.org">
  <ietf:e1 xml:lang="EN">
    <ietf:e11>
      <ietf:e111 />
    </ietf:e11>
    <ietf:e12 at="2">
      <ietf:e121 />
    </ietf:e12>
  </ietf:e1>
  <ietf:e2 >
    <ietf:e21 />
  </ietf:e2>
</ietf:Xmllang>

and an XPath expression of "ancestor-or-self::ietf:e1", the c14n representation should be:

<ietf:e1 xmlns:ietf="http://www.ietf.org" xmlns:w3c="http://www.w3.org" xml:lang="EN">
  <ietf:e11>
    <ietf:e111></ietf:e111>
  </ietf:e11>
  <ietf:e12 at="2">
    <ietf:e121></ietf:e121>
  </ietf:e12>
</ietf:e1>

However, the current behavior is:

<ietf:e1 xmlns:ietf="http://www.ietf.org" xmlns:w3c="http://www.w3.org" xml:lang="EN">
  <ietf:e11>
    <ietf:e111></ietf:e111>
  </ietf:e11>
  <ietf:e12 at="2" xml:lang="EN">
    <ietf:e121></ietf:e121>
  </ietf:e12>
</ietf:e1>

Notice the xml:lang attribute in the "ietf:e12" element, which was incorrectly copied from the parent.

The bug is in Canonicalizer20010315.java, in the XmlAttrStack.push() method:

--- Canonicalizer20010315.java (revision 548379) +++ Canonicalizer20010315.java (working copy)
@@ -72,7 +72,7 @@ if (currentLevel==-1) return; cur=null; - while (lastlevel>currentLevel) { + while (lastlevel>=currentLevel) { levels.remove(levels.size()-1); if (levels.size()==0) { lastlevel=0;

The bug is that the implementation was taking the previous sibling's attribute context into account, which is not an ancestor, and thus the attributes were being inherited incorrectly in some cases. The simple change above fixes that.
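
Review bot: with ">=" the loop in XmlAttrStack.push() now also runs when lastlevel equals currentLevel, and its first statement, "levels.remove(levels.size()-1)", has no emptiness check in the lines shown. Because the branch just below sets lastlevel=0 once levels is empty, a later push at level 0 would satisfy 0>=0 and call remove(-1). Please confirm that push() cannot be reached with level 0 in that state, or guard the condition, for example "while (levels.size()>0 && lastlevel>=currentLevel)". A one-line comment on the loop saying that entries at the same level belong to siblings, not ancestors, would record why ">=" is required. The Xmllang document and the "ancestor-or-self::ietf:e1" expression from the report would make a regression test for the sibling case.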